:( I have no idea what's going on. I got rid of Windows Recovery yet problems still persist


1 reply to this topic

#1 Robertrichardson

Posted 30 April 2011 - 11:11 AM

Ok so anyway. Basically I come home from school to loads of error messages. Something about the hard drive being damaged and blah blah. Well I followed the instructions from http://www.bleepingcomputer.com/virus-removal/remove-windows-recovery to a T. Unfortunately even after completion of these steps only part of my desktop icons returned. All my start menu is still gone and the folders shown are all empty. None of my anti-malware software shows anything but yet each time I attempt to go to a new anti-virus software website it redirects me to some random site like "findstuff.com" or other such bullbleep sites. It also seems to be loading web pages in the background but I can't see them or close them but I can hear the advertisements in my headphones. I know it's not advertisements from sites I'm on because I'll have just restarted the computer and I can already hear them. :S Someone please help me. I'm going crazy. I looked at some other topics but they all have logs posted but I have no idea where to find these logs to post. Additionally I'm getting random script errors from Internet Explorer when I'm not on the web?


#2 Robertrichardson


Posted 02 May 2011 - 06:52 PM

Anyway sorry it took so long. After I found your post explaining what all I needed to do I attempted to get logs for you. I got the DDS logs just fine then part way through the GMER program running the logs another virus popped up. I'm assuming because of the random websites running in the background associated with the ads I keep hearing. That virus was called MS Removal tool. I got rid of it in safe mode > Malwarebytes. When the computer restarted though Avast immediately prompted me to do a boot scan. Well I was then able to actually access the internet again well sorta. I'm still being redirected and the ads in the background are still going as well as the lack of icons. Hopefully I can get some help soon. :S I have 3 online finals in the next 2 days. Additionally, would it be possible for me to just clean install Windows 7 to get rid of the problem entirely?

PS. GMER logs wouldn't post with previous. I got a small box where it would show the attached file and it said "Website not find". Maybe it'll post this time. Still doing it so here's the log in longhand.



Well the GMER log won't seem to attach so...


GMER 1.0.15.15572 - http://www.gmer.net
Rootkit scan 2011-04-28 18:32:37
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3160812AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\ROBERT~1\LOCALS~1\Temp\agedqpob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAEEB3202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAEF19C48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAEED76A1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAEEB57F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAEEB5848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAEEB595E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAEED7055]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAEEB5746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAEEB5898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAEEB579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAEEB590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAEEB3226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAEED7D67]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAEED801D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAEEB5BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAEED7BD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAEED7A3D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAEF19CF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAEEB2FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAEEB324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAEEB5D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAEEB3CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAEEB5820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAEEB5870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAEEB5988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAEED73B1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAEEB5772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAEEB5A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAEEB58D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAEEB57C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAEEB5AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAEEB5936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAEF19D90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAEED78B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAEEB3BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAEED770A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAEF22CAE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAEED66C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAEEB326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAEEB3292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAEEB304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAEEB3186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAEED7E6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAEEB3162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAEEB31AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAEEB32B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAEF2F762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059A640 4 Bytes CALL AEEB4335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B0A76 5 Bytes JMP AEF2B11E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B7764 5 Bytes JMP AEF2CBBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C5F68 7 Bytes JMP AEF2F766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
INITc VolSnap.sys B80F3BD0 4 Bytes [F0, 5C, 53, 80]
INITc VolSnap.sys B80F3BF8 4 Bytes [90, 8D, 4F, 80] {NOP ; LEA ECX, [EDI-0x80]}
INITc VolSnap.sys B80F3C20 4 Bytes [0E, 9A, 4F, 80]
INITc VolSnap.sys B80F3C48 4 Bytes [54, D6, 4F, 80]
INITc VolSnap.sys B80F3C70 4 Bytes [44, 94, 4F, 80]
INITc ...
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D753A0, 0x5FE082, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809B45 5 Bytes JMP AEEB6CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF80FBC0 5 Bytes JMP AEEB6BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 4EF BF8255ED 5 Bytes JMP AEEB5F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 1E5F BF8341A1 5 Bytes JMP AEEB6E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 237D BF8346BF 5 Bytes JMP AEEB6B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4564 BF8368A6 5 Bytes JMP AEEB7014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + EE3F BF841181 5 Bytes JMP AEEB5FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + DE42 BF85AD4E 5 Bytes JMP AEEB5E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3474 BF87111B 5 Bytes JMP AEEB6180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 34FF BF8711A6 5 Bytes JMP AEEB6326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF87593B 5 Bytes JMP AEEB6BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF894CB8 5 Bytes JMP AEEB62FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF8B6854 5 Bytes JMP AEEB6D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 34B7 BF8BA260 5 Bytes JMP AEEB5E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 8A22 BF8BF7CB 5 Bytes JMP AEEB6F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C333C 5 Bytes JMP AEEB603E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8EB97D 5 Bytes JMP AEEB60AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBBFD 5 Bytes JMP AEEB60E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9A43 5 Bytes JMP AEEB5D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19C1 BF913245 5 Bytes JMP AEEB5EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2595 BF913E19 5 Bytes JMP AEEB6008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EF4 BF916778 4 Bytes JMP AEEB6440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18EC BF94468A 5 Bytes JMP AEEB6ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\rundll32.exe[132] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\rundll32.exe[132] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[132] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\rundll32.exe[132] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\rundll32.exe[132] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\rundll32.exe[132] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\rundll32.exe[132] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\rundll32.exe[132] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\rundll32.exe[132] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\rundll32.exe[132] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[156] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 002A1014
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 002A0804
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 002A0A08
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 002A0C0C
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 002A0E10
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 002A01F8
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 002A03FC
.text C:\WINDOWS\system32\svchost.exe[156] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 002B0600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[272] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[272] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00381014
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00380804
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00380A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00380C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00380E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003801F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003803FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00380600
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[360] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00390600
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001601F8
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001603FC
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003B01F8
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003B03FC
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 003B0804
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 003B0A08
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 003B0600
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 003C1014
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 003C0804
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 003C0A08
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 003C0C0C
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 003C0E10
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003C01F8
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003C03FC
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 003C0600
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 005B000A
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] WS2_32.dll!connect 71AB406A 5 Bytes JMP 0057000A
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] WS2_32.dll!send 71AB428A 5 Bytes JMP 0059000A
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0056000A
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 005A000A
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 0055000A
.text C:\Documents and Settings\ROBERT RICHARDSON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[568] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 0058000A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00371014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00370804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00370A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00370C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00370E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003701F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003703FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00370600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[596] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PnkBstrA.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\PnkBstrA.exe[832] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\PnkBstrA.exe[832] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\PnkBstrA.exe[832] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\PnkBstrA.exe[832] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\PnkBstrA.exe[832] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\PnkBstrA.exe[832] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ntdll.dll!RtlDosSearchPath_U + 1D1 7C916AC2 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PnkBstrB.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C867E3C 1 Byte [62]
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36C29 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36D11 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E36EA9 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E36FA9 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37031 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!CreateServiceA 77E370B9 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!CreateServiceW 77E37251 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\PnkBstrB.exe[876] ADVAPI32.dll!DeleteService 77E37359 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\PnkBstrB.exe[876] USER32.dll!SetWinEventHook 77D6E3D3 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\PnkBstrB.exe[876] USER32.dll!UnhookWinEvent 77D6E544 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\PnkBstrB.exe[876] USER32.dll!SetWindowsHookExW 77D6E621 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\PnkBstrB.exe[876] USER32.dll!UnhookWindowsHookEx 77D6F29F 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\PnkBstrB.exe[876] USER32.dll!SetWindowsHookExA 77D702B2 5 Bytes JMP 00380600



